Skip to content
IAC International Accreditation Center
Verify registry

Editorial · Standards & Research

The standards of conformity assessment

Almost everyone knows ISO 9001 or ISO/IEC 27001. Few know the standards that govern who evaluates whom: ISO/IEC 17011, 17021-1, 17024 and 17065. Without that second map, a certificate is a claim with no visible structure behind it.

Published 2026-06-17 International Accreditation Center Map of standards

The invisible layer of trust

An organization displays its ISO 9001 certificate and the conversation ends there: the document exists, therefore the matter is settled. The question almost no one asks is the one that matters: who evaluated whoever issued that certificate, and under which standard they did so. That standard exists, has a number, and defines the evaluator’s craft with the same rigor that ISO 9001 defines the craft of the organization being assessed.

The family of conformity assessment standards occupies that invisible layer. They do not describe what a company must do to manage its quality: they describe what the body that evaluates that management must meet, the body that evaluates the competence of a person, the body that certifies a product, and the body that accredits all of the above. Knowing the standard of the object without knowing the standard of the evaluator is reading half the page.

A certificate is not worth what it claims, but the chain of standards that makes that claim verifiable.

ISO/IEC 17011 — who accredits the bodies

ISO/IEC 17011:2017, in its second edition, establishes the requirements for accreditation bodies: the entities that evaluate and recognize the competence of conformity-assessment bodies. It is the roof of the building. An accreditation body does not certify companies or persons: it verifies that those who do are technically competent, impartial and consistent within a declared scope. Since 1 January 2026, the international cooperation among accreditation bodies is GLOBAC, successor to the IAF. This standard, together with the rest of the reference catalog, is set out in the Standards & Research hub.

ISO/IEC 17021-1 — management-system certification

ISO/IEC 17021-1:2015 governs the bodies that certify management systems: those that audit and certify implementations of ISO 9001, ISO/IEC 27001, ISO 14001 and the rest of the management family. The object assessed is the organization through its system, and the standard sets the rules of auditing, impartiality, team competence and management of the certification cycle. When a management-system certificate cites an accreditation, that accreditation is granted against this standard. The distinction between the two —who is accredited and who is certified— is developed in accreditation vs. certification.

ISO/IEC 17024 — certification of persons

ISO/IEC 17024:2012 governs the bodies that certify the competence of persons. It is the standard that separates a verifiable credential from an attendance certificate: it requires independent assessment of the candidate, defined competence schemes, validity and recertification. The object assessed is the person, not their résumé nor the course they took. The reference catalog that situates this standard among the rest is gathered in the Standards & Research hub.

ISO/IEC 17065 — certification of products and services

ISO/IEC 17065 governs the bodies that certify products, processes and services against a defined technical scheme. Here the object assessed changes in nature: it is neither an organization nor a person, but what they produce or deliver, checked against the specific requirements of the sectoral scheme. It is the standard behind much of the product conformity marking. Where it sits within the full family is mapped in the Standards & Research hub.

How they chain together

The four standards are not a list: they are a chain. Accreditation enables certification, and certification produces a certificate that must be verifiable. Read in that order, the family explains why a serious certificate is never an isolated document, but the last visible link of a structure that begins much earlier.

  1. 01 Accreditation

    An accreditation body, under ISO/IEC 17011, evaluates the technical competence of a conformity-assessment body within a defined scope.

  2. 02 Certification

    That body, accredited under 17021-1, 17024 or 17065 according to the object, evaluates the specific subject —an organization, a person, a product— and issues the certificate.

  3. 03 Verifiable certificate

    The certificate declares issuer, accreditation, scope and validity. It is worth what it withstands under a direct consultation with the issuer and its accreditation body.

The International Accreditation Center does not form part of this official chain: it does not accredit bodies nor certify management systems, persons or products. IAC uses these standards as a reading reference to record and verify technical evidence within its declared scope, and publishes an independent registry that operates in the layer of direct consultation. The full catalog of reference standards, with their uses and their limits, lives in the Standards & Research hub. To move from the map to practice, the sibling guide sets out how to verify an ISO certificate with the issuing body.

From the map to verification

With the map in hand, verify the document.

Knowing which standard governs whom is half the work. The other half is confirming that a specific certificate is current, covers the scope it declares and cites a real accreditation. Start with the code.

Next step

Verify an IAC code → How to verify an ISO certificate See reference standards